Multiple matching control method

ABSTRACT

The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre. This aim is achieved thanks to a pairing control method between a first device such as a removable security module and a second device such as a host apparatus, this pairing consisting in securing data exchanges with the aid of a unique pairing key, this method consisting in: verifying the pairing between the two devices and using the unique pairing key if the pairing has been already carried out, if not, searching for a free location among the locations reserved for the pairing data in the first device and in this case, initiating a pairing procedure by transmitting a cryptogram contained in the second device and that contains an identifier belonging to this device, this cryptogram being encrypted by a secret key common to all the first devices, decrypting this cryptogram using the first device and extracting from this cryptogram the identifier of the second device, generating a pairing key based on this identifier, storing in the first device the pairing data with the second device.

The present invention refers to the domain of pairing between a security module and a host module, with the particular aim of securing communications between the two modules.

Pairing is a known mechanism that consists in sharing a unique secret between two devices, thus rendering the communication between these two devices inaccessible to all other devices.

This pairing is described in application EP1078524 and allows the connection of a security module to a receiver thanks to the presence of a unique encryption key known only by these two elements.

In an environment that allows the connection of a security module to several host apparatuses, such a pairing is not possible, as it is too restrictive.

The document WO02/052515 describes a solution that puts into practice the pairing control by means of a management centre. The security module can be paired to any apparatus as long as the management centre gives authorisation. This solution supposes the existence of a channel that allows the management centre to send one or more messages to the security module.

Therefore, the aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the call to a management centre is not possible at the time of the pairing, that is to say, there is no channel between the management centre and the security module.

This aim is achieved thanks to a pairing control method between a first device such as a removable security module and a second device such as a host apparatus, this pairing consisting in securing data exchanges with the aid of a unique pairing key, this method consisting in:

-   verifying the pairing between the two devices and using the unique pairing key if the pairing has been already carried out, if not,
-   searching for a free location among the locations reserved for the pairing data in the first device and in this case,
-   initiating a pairing procedure by transmitting a cryptogram contained in the second device and that contains an identifier belonging to this device, this cryptogram being encrypted by a secret key common to all the first devices,
-   decrypting this cryptogram using the first device and extracting from this cryptogram the identifier of the second device,
-   generating a pairing key based on this identifier,
-   storing in the first device the pairing data with the second device.

This method contains two important characteristics. The first is the possibility of storing several pairing data in the security module (first device). The maximum number is deliberately limited in order to prevent the same module pairing with an unlimited number of host apparatuses.

The second characteristic is the way in which the pairing key is created. Initially, one particular security module is not destined to pair with a particular host apparatus. This is why, according to a first variant, a unique identifier is encrypted in the host apparatus (second device) with a key that is contained in each security module. This identifier can be the serial number of the host apparatus, an encryption key or a number randomly generated during the personalization of each host apparatus, or it can be a mixture of these elements.

According to an embodiment, the cryptogram contains a secret key that can be of the symmetrical or asymmetrical type. Once the cryptogram has been decrypted by the security module, the latter generates a random key that will be the pairing key, encrypts it with the secret key and sends it to the host apparatus. The unique serial number of the host apparatus will preferably be contained in the first messages exchanged between the two elements in order to allow pairing verification.

In a second embodiment, the pairing key is already included in the cryptogram transmitted by the second device. In this case, the pairing key is a unique key belonging to the host apparatus and does not depend in any way on the security module.

The invention also covers the variant in which the cryptogram is contained in the security module. The latter then transmits the cryptogram to the host apparatus for the generation of the pairing key. In this case the common decryption key is stored in the host apparatus, and it should be kept in a security element, such as a secured memory.

If a new pairing is carried out, the pairing data is registered and occupies one of the locations provided for the different pairings that a security module is able to accept. The pairing data is for example the host apparatus serial number together with the pairing key.

Since the number of locations is limited, it is probable that the security module will be connected to a new host apparatus while all the locations are in use. To determine the location to be replaced, there are several mechanisms, namely:

-   an activity counter associated with each location. At each pairing negotiation between the security module and the host apparatus this counter is increased. In this way, the smallest counter determines the least used location. Said location is the one that will be replaced by the new pairing. Pairing negotiation is generally understood to mean the powering on of the host module and the request for information by the security module.
-   a pairing chronology counter associated with each location. At each pairing negotiation, the corresponding counter takes the value of the greatest of all the counters plus one, except if this counter is already the greatest, in which case it is not modified. Thus, the counter having the lowest value indicates the location of the oldest pairing. This is the location that will be replaced by the new pairing.
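The two replacement mechanisms above select different victims for the same usage history, which is easy to miss when reading the definitions. The following is an added example written for this page, not code from the patent: it runs one history (a heavily used but old pairing MHA, two later but lightly used pairings MHB and MHC) through both policies and reports which location a fourth host MHD evicts. Pairing data is reduced to the host serial number, and ties between equal counters go to the lowest location index, which is an assumption the text does not make.

```python
"""Choosing the pairing location to replace when all n locations of the
security module are in use: activity counter versus chronology counter.

Added example, not the patent's own code.  A tie between equal counters is
broken by the lowest location index (assumption, the text does not say).
"""

ACTIVITY = "activity"        # the least used location is replaced
CHRONOLOGY = "chronology"    # the oldest (least recently negotiated) location is replaced


class PairingTable:
    def __init__(self, n_locations, policy):
        if policy not in (ACTIVITY, CHRONOLOGY):
            raise ValueError("unknown replacement policy")
        self.n = n_locations
        self.policy = policy
        self.slots = []      # slots[i] = [serial_number, counter]; i is location PDT(i+1)

    def counters(self):
        return {serial: count for serial, count in self.slots}

    def _touch(self, i):
        """Update the counter of location i at a pairing negotiation."""
        _, c = self.slots[i]
        if self.policy == ACTIVITY:
            self.slots[i][1] = c + 1
            return
        top = max(count for _, count in self.slots)
        # Chronology: take max+1 unless this counter already is the single greatest
        # (a freshly reset location may share value 0 with the very first entry).
        shared_top = sum(1 for _, count in self.slots if count == top) > 1
        if c < top or shared_top:
            self.slots[i][1] = top + 1

    def victim(self):
        """Location with the lowest counter; the lowest index on ties."""
        return min(range(len(self.slots)), key=lambda i: (self.slots[i][1], i))

    def negotiate(self, serial):
        """One pairing negotiation (host power-on and request by the module).
        Returns (location index, serial number evicted or None)."""
        for i, (s, _) in enumerate(self.slots):
            if s == serial:               # already paired: reuse and update counter
                self._touch(i)
                return i, None
        if len(self.slots) < self.n:      # a free location is available
            self.slots.append([serial, 0])
            i = len(self.slots) - 1
            self._touch(i)
            return i, None
        i = self.victim()                 # all locations in use: replace one
        evicted = self.slots[i][0]
        self.slots[i] = [serial, 0]
        self._touch(i)
        return i, evicted


def scenario(policy):
    """Same history under either policy: MHA is negotiated five times but is
    the oldest pairing; MHB and MHC are each negotiated once more, later.
    Returns the serial evicted when MHD turns up, and the counters afterwards."""
    table = PairingTable(3, policy)
    for serial in ("MHA", "MHB", "MHC"):
        table.negotiate(serial)
    for _ in range(5):
        table.negotiate("MHA")
    table.negotiate("MHB")
    table.negotiate("MHC")
    _, evicted = table.negotiate("MHD")
    return evicted, table.counters()


if __name__ == "__main__":
    for policy in (ACTIVITY, CHRONOLOGY):
        print(policy, scenario(policy))
```

With the activity counter MHB is replaced (counters MHA 6, MHB 2, MHC 2, tie broken by index); with the chronology counter MHA is replaced (counters MHA 3, MHB 4, MHC 5), even though it is the most used pairing.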

In one embodiment, with any new pairing or any pairing change (this happens when no free locations are available), a secret code (PIN code) is required. On the first insertion of the security module in the host apparatus, the security module initiates a sequence in the host apparatus that, by means of its display, asks the user to enter this secret code. Only when the user enters the correct code, which is then transferred to the security module, will the latter accept this new pairing.

According to the chosen variant, it is possible that this secret code will be required for each new pairing regardless of the occupancy of the memory locations. In another variant, it is possible to require the secret code only in the case of replacing a location that is already occupied.

Several variants are envisaged to determine the validity of this secret code. In a first simplified variant, the secret code is constant for a security module and is distributed with said module.

In a second variant, the user calls or connects to a management centre and transmits to it the unique number of the security module and that of the host apparatus. This centre calculates a secret code according to an algorithm taking into account the two variables that are the two unique numbers. This algorithm is also contained in the security module in order to verify the conformity of the secret code. The call to the management centre can be made prior to pairing so that the necessary code is available when the module connects with the host apparatus.

According to a third variant, the algorithm used for the calculation of the code is based on the unique number of the security module and on an incremental index. This code is then combined with the unique number of the host apparatus in order to obtain the secret code that is then transmitted to the user to authorize the new pairing.

The code can be determined according to the formula CS = G(K, F^N(UA)) = G(K, F(F^{N-1}(UA))), in which CS is the secret code, UA the unique number of the security module, N the incremental index, K the unique number of the host apparatus, F an encryption function applied N times and G a function which makes K intervene in the calculation of CS.

In this way, the secret code inevitably changes for each pairing. Either the result of the function F^{N-1}(UA) or the value of the index N is stored in the module memory to be used as the starting point for the next pairing. In order for the centre to be able to calculate the correct secret code, it is necessary for the centre to be synchronised with the security module. For this, the user, during the request, can for example transmit to the centre the value of the index N or the result of the function F^{N-1}(UA) previously provided by the security module. Of course, the user must also transmit the unique number of the security module and of the host apparatus to the management centre.

However, if the value of the index N in the security module is not accessible to the management centre, said centre can transmit a secret code that does not necessarily correspond to the last index of the security module. Due to this possible difference between the index stored in the security module and the index stored in the management centre, a secret code correctly calculated in the management centre can be rejected by the security module.

In this case, it is possible to resynchronise the security module. If for example the management centre has provided a secret code derived from the number of the user's host apparatus and from the cryptogram of incremental index 12, that is to say the index held in the management centre, and if the cryptogram stored in the security module is of index 8, then the module calculates the secret codes corresponding to indexes 8, 9, 10, 11 and 12 and notices that the cryptogram derived from the manually entered code corresponds to a valid cryptogram of a higher index. This indicates that the management centre has previously sent four secret codes that the user of the security module has finally not used.

It is certain that the index difference between the current index (8 in our example) and the management centre index (12 in our example) will be limited to an acceptable number. It is not a question of searching through thousands of possibilities in the hope of finding the correct secret code.

It is to be highlighted that this third variant includes the possibility of not allowing the unique number of the host apparatus to intervene in the calculation of the secret code, by defining CS = F^N(UA), which corresponds to the case in which the previously mentioned function G is defined by G(x, y) = y. This variant is interesting if one wishes to separate the secret code from the host apparatus number. In fact, while it is easy to find out the number of the security module, by definition an easily transportable module, it is more difficult to find out the unique number of the host apparatus, in particular when the secret code has to be obtained before connecting the two elements.
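The third variant, the resynchronisation search and the G(x, y) = y case above can be exercised end to end. The following is an added example written for this page, not the patent's own code: a management centre issues codes CS = G(K, F^N(UA)) with a rising index, and a security module that has only used some of them searches a bounded number of indexes ahead of its stored one. Everything below that the text does not fix is an assumption: F is HMAC-SHA256 under a key shared by the centre and the modules (standing in for "an encryption function"), G keys HMAC-SHA256 with F^N(UA), hashes K and keeps 8 decimal digits so the code can be typed on the host apparatus, the module stores both the last accepted index N and F^N(UA), and the search window is 16.

```python
"""Secret code CS = G(K, F^N(UA)) of the third variant, with the
resynchronisation search used when the centre's index runs ahead of the module's.

Added example, not the patent's own code.  Assumptions (not in the text):
  - F is HMAC-SHA256 under a key shared by centre and modules;
  - G keys HMAC-SHA256 with F^N(UA), hashes K and keeps 8 decimal digits;
  - the module stores the last accepted index N and F^N(UA) and searches at
    most SEARCH_WINDOW indexes ahead of N.
"""
import hashlib
import hmac

F_KEY = hashlib.sha256(b"key of F shared by centre and modules (constructed)").digest()
SEARCH_WINDOW = 16       # acceptable index difference between centre and module
CODE_DIGITS = 8


def F(x: bytes) -> bytes:
    return hmac.new(F_KEY, x, hashlib.sha256).digest()


def F_iter(ua: bytes, n: int) -> bytes:
    """F^N(UA): N applications of F, with F^0(UA) = UA."""
    v = ua
    for _ in range(n):
        v = F(v)
    return v


def encode(y: bytes) -> str:
    """Reduce a 32-byte value to a typeable decimal code."""
    return "%0*d" % (CODE_DIGITS, int.from_bytes(y[:4], "big") % 10 ** CODE_DIGITS)


def G(k: bytes, y: bytes) -> str:
    """G(K, F^N(UA)): the host number K intervenes in CS."""
    return encode(hmac.new(y, k, hashlib.sha256).digest())


def G_host_independent(k: bytes, y: bytes) -> str:
    """G(x, y) = y: CS = F^N(UA), the host number is ignored."""
    return encode(y)


class ManagementCentre:
    def __init__(self, g=G):
        self.g = g
        self.last_index = {}      # UA -> index of the last code issued

    def issue(self, ua: bytes, k: bytes) -> str:
        n = self.last_index.get(ua, 0) + 1
        self.last_index[ua] = n
        return self.g(k, F_iter(ua, n))


class SecurityModule:
    def __init__(self, ua: bytes, g=G):
        self.ua = ua
        self.g = g
        self.index = 0            # index N of the last accepted pairing
        self.chain = ua           # F^N(UA), starting point for the next pairing

    def accept(self, k: bytes, code: str) -> bool:
        """Verify a user-entered code for host number k.  Indexes N+1 .. N+WINDOW
        are tried so that codes the centre issued but the user never used do
        not desynchronise the two sides; a match moves the module forward, so
        a code of an index already passed can never be replayed."""
        v = self.chain
        for step in range(1, SEARCH_WINDOW + 1):
            v = F(v)
            if hmac.compare_digest(self.g(k, v), code):
                self.index += step
                self.chain = v
                return True
        return False


if __name__ == "__main__":
    ua, k = b"UA-0001", b"K-HOST-0042"          # constructed identifiers
    centre, module = ManagementCentre(), SecurityModule(ua)
    codes = [centre.issue(ua, k) for _ in range(12)]
    for c in codes[:8]:
        module.accept(k, c)                       # module now at index 8
    print("index 12 accepted at module index 8:", module.accept(k, codes[11]))
    print("module index now", module.index)
```

In this model the module's stored index is the last accepted one, so when the centre is at 12 and the module at 8, indexes 9 to 11 are the unused codes. Note that with an 8-digit code and a window of 16 a random guess succeeds with probability of roughly 1.6e-7 per attempt, so a module should also limit the number of code entries it accepts.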

The invention will be better understood thanks to the following detailed description that refers to the single figure, given as a non-limitative example, which shows the two main elements and the data that they contain.

The security module MS includes a secured database DB in which, amongst others, the pairing data is to be found. This reference data PDT1 to PDTn occupies the memory locations from 1 to n. Note that the number n of locations envisaged in the module MS can be equal to 1.

This base DB also contains the key k common to all the security modules MS, which allows the decryption of the cryptogram CY, as well as the index N of the number of pairings previously carried out.

Initially, the host module MH contains the cryptogram CY in a memory M that can either be of the secured type or freely accessible. However, it is preferable that this memory is protected and difficult to access in order to avoid one host apparatus being confused with another.

This cryptogram CY is encrypted by the key k and contains, in one embodiment, the serial number SN and a mark PT whose value is known by the security module. This mark PT allows the security module to ensure the validity of the cryptogram. This mark PT is common to all the cryptograms. According to another variant, it can be unique to the host apparatus. The cryptogram CY can also contain the pairing key MHKey of the host apparatus that will later be used to secure the data transmission between the module MS and the host apparatus. For example, once this key is known by the two modules, a session key KS can be negotiated and used to encrypt the communication. Of course, in such a case, the key MHKey must also be stored in memory M of the host apparatus and this memory must therefore be secured.
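The pairing negotiation described in the method steps and in the first embodiment, with the cryptogram CY laid out as in the figure (mark PT, serial number SN, key MHKey), can be written as a two-party exchange. The following is an added example for this page, not the patent's own code. Its assumptions, none of which the text fixes: CY is sealed with an HMAC-SHA256 keystream plus an HMAC tag under the common key k (a stand-in for whatever cipher a deployment uses), PT is the fixed constant b"PAIR", the pairing key is a random 32-byte value chosen by the module and returned to the host under MHKey, the serial number is 8 bytes, and the session key KS is derived from the pairing key with a counter.

```python
"""Pairing negotiation between a host apparatus MH and a security module MS.

Added example, not the patent's own code.  Assumptions (not in the text):
  - CY is sealed with an HMAC-SHA256 keystream and HMAC tag under the common key k;
  - the mark PT is the constant b"PAIR";
  - the module chooses a random pairing key and returns it under MHKey (first embodiment);
  - KS = HMAC(pairing key, "KS" || counter).
"""
import hashlib
import hmac
import os
import struct

COMMON_KEY_K = hashlib.sha256(b"key k shared by all security modules (constructed)").digest()
MARK_PT = b"PAIR"
SN_LEN, KEY_LEN, NONCE_LEN, TAG_LEN = 8, 32, 16, 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stand-in stream cipher keyed by k or MHKey."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("cryptogram integrity check failed")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


class HostApparatus:
    """Personalised at manufacture: CY = Enc_k(PT || SN || MHKey); MHKey in secured memory M."""

    def __init__(self, serial: bytes):
        if len(serial) != SN_LEN:
            raise ValueError("serial number must be %d bytes" % SN_LEN)
        self.sn = serial
        self.mhkey = os.urandom(KEY_LEN)                 # secured memory M
        self.cy = seal(COMMON_KEY_K, MARK_PT + serial + self.mhkey)
        self.pairing_key = None

    def receive_pairing_key(self, sealed_key: bytes):
        self.pairing_key = unseal(self.mhkey, sealed_key)


class SecurityModule:
    """Holds k and n pairing locations PDT1..PDTn (serial number -> pairing key)."""

    def __init__(self, n_locations: int = 3):
        self.locations = {}
        self.n_locations = n_locations

    def negotiate(self, host: HostApparatus) -> bytes:
        # 1. Verification: SN travels in the first messages; a known SN means
        #    the stored pairing key is reused and no cryptogram is exchanged.
        if host.sn in self.locations:
            return self.locations[host.sn]
        # 2. Not paired yet: a free location is needed (replacement is a separate policy).
        if len(self.locations) >= self.n_locations:
            raise RuntimeError("no free pairing location")
        # 3. Decrypt CY with the common key k and check the mark PT.
        plain = unseal(COMMON_KEY_K, host.cy)
        if plain[:len(MARK_PT)] != MARK_PT:
            raise ValueError("cryptogram does not carry the expected mark PT")
        sn = plain[len(MARK_PT):len(MARK_PT) + SN_LEN]
        mhkey = plain[len(MARK_PT) + SN_LEN:]
        if sn != host.sn:
            raise ValueError("announced serial number does not match the cryptogram")
        # 4. Generate the pairing key, return it under MHKey, store the pairing data.
        pairing_key = os.urandom(KEY_LEN)
        host.receive_pairing_key(seal(mhkey, pairing_key))
        self.locations[host.sn] = pairing_key
        return pairing_key


def session_key(pairing_key: bytes, counter: int) -> bytes:
    """Session key KS derived from the pairing key; each counter value gives a new KS."""
    return hmac.new(pairing_key, b"KS" + struct.pack(">I", counter), hashlib.sha256).digest()
```

The serial number check at step 3 is what ties the cryptogram to the apparatus presenting it: a host that replays another apparatus's CY together with its own SN is refused, and a cryptogram whose tag or mark PT does not verify never yields a pairing key. Nothing here protects the pairing key at rest on either side; the text's requirement that memory M be secured when MHKey is stored there applies equally to the pairing key.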

In the database DB of the security module MS, the data PDT1 to PDTn includes an activity or chronology counter as described above. It is to be remembered that these counters allow the determination of the location to be replaced in the case that all locations are in use. As an example with activity counters, take three locations PDT1 to PDT3 respectively occupied by the pairings carried out with the host modules MHA, MHB and MHC. At each pairing negotiation between the security module MS and the module MHC, for example, the counter CPT3 is increased.

In the embodiments in which a session key KS generated from the pairing key KA is used, it should be noted that this pairing can evolve dynamically, that is to say, the session key KS is necessarily changed after a certain usage period; on the basis of the elements transmitted during the pairing between these two entities (pairing key, host module key MHKey), a new session key is generated in this way. The number of session keys already generated can then be counted and this number can be considered as an activity counter.

When a new pairing request is made to the security module, it determines the lowest activity counter and clears this location. Of course, the security module also contains all the necessary information to calculate and verify the secret codes.

1. Pairing control method between a first device such as a removable security module and a second device such as a host apparatus, this pairing aiming to secure the data exchange with the aid of a unique pairing key, this method comprising the steps of: verifying the pairing between the two devices and using the unique pairing key if the pairing has been already carried out, if not, searching for a free location among the locations reserved for the pairing data in the first device and in this case, initiating a pairing procedure by transmitting a cryptogram contained in the second device and comprising an identifier belonging to this device, this cryptogram being encrypted by a secret key common to all the first devices, decrypting this cryptogram in the first device and extracting from this cryptogram the identifier of the second device, generating a pairing key based on this identifier, storing in the first device the pairing data with the second device.

2. Method according to claim 1, wherein the pairing key is based on the identifier of the second device and on the data of the first device.

3. Method according to claim 1, wherein the cryptogram is stored in the first device and encrypted with a secret key common to the second devices.

4. Method according to claim 1, wherein each location includes an activity counter updated during every positive verification of the pairing based on this location, the search for the location to be replaced being determined by the value of the activity counter.

5. Method according to claim 1, wherein pairing is conditioned by the introduction of a secret code transmitted to the first device and verified by said first device.

6. Method according to claim 5, wherein the secret code belongs to and is unique to each first device.

7. Method according to claim 5, wherein the required secret code is different in each pairing.

8. Method according to claim 5, wherein it comprises the steps of: transmitting a unique identifier of the first device and a unique identifier of the second device to a management centre, verifying the conformity of this pairing and calculating by means of the management centre the corresponding secret code on the basis of the two identifiers, transmitting this secret code to the user, initiating the pairing and requesting the introduction of the secret code by means of the first device, calculating by means of the first device the necessary secret code on the basis of the identifiers of the first and second devices, comparing the calculated code with that which has been introduced by the user, accepting the pairing if the two codes are identical.

9. Method according to claim 8, wherein it comprises the steps of determining the new secret code on the basis of the two identifiers and of an index that represents the number of pairings previously carried out, whereas the first device stores this index in its memory.